Article

Ultimate Guide to Insider Threats in Cyber Security

Security
Time to read: 4 minutes

As today’s organizations ramp up their efforts to defend against external cybersecurity threats, the greatest risk actually comes from those inside the company. In fact, insiders are responsible for more than half of all data breaches—posing a real threat to almost every business.

The Rising Cost of Insider Threats

So who exactly are insiders? And why should your company be concerned? In a nutshell, insiders are anyone with access to a company’s internal systems who willingly or accidentally misuse, modify, or delete sensitive data. This can include employees, independent contractors, third-party vendors, and supply chain partners.

To understand the damage insiders can wreak, look no further than Tesla, where an employee allegedly shared company trade secrets outside the organization. The former employee was sued for hacking Tesla’s manufacturing operating system and transferring gigabytes of data to outside entities, including dozens of confidential photographs and a video of Tesla’s manufacturing systems. He is also accused of periodically exporting data from Tesla’s network to third parties even after he left the company. Tesla said the former employee was acting in retaliation after he was involuntarily reassigned to a different role within the company.

Likewise, an ex-Apple employee was charged with stealing intellectual property regarding Apple’s self-driving car program and sharing it with Xmotors, a competitive company that hired him in China. The employee allegedly took Apple documents, air-dropping some of them from his phone to his wife’s laptop. He also allegedly stole a box of hardware including circuit boards and a Linux server. Apple noticed the breach after discovering that the employee’s network activity had “increased exponentially” after a return trip from China.

These are just two of many examples of how insiders can compromise an organization. As more companies embrace remote work and digital work environments, insiders are accessing and storing company data on a wide variety of personal devices and cloud storage sites, creating a new set of cybersecurity challenges that are difficult to identify and manage.

Indeed, the number of insider-caused cyber security incidents has increased 47% in just two years from 2018 and 2020, according to Ponemon Institute. What’s more, the average annual cost for insider threats has grown to an astounding $11.45 million.

Types of Insider Threats

Insider threats aren’t a technology problem; they’re a people problem. And the people who compromise a company’s data can do so either accidentally or maliciously. Insider threats can generally be grouped into three categories of people:

The High Stakes of Insider Threats

Because insiders are trusted employees who are often granted access to sensitive data, insider attacks can be difficult to uncover. On average, it takes companies 77 days to detect an insider incident—giving employees and contractors ample time to cause harm before the company notices and responds.

Insiders can damage an organization in many ways. Accidents can happen when employees unwittingly store their credentials in an unsafe place, and a cyber attacker than steals them. And malicious insiders can cause hundreds of dollars in damages through a variety of spiteful actions. They can maliciously steal a company’s intellectual property that took years to develop, robbing the company of its competitive advantage. They can sabotage a company’ systems or data, disrupting the organization’s operations. And they can harm an organization’s reputation by taking sensitive data and selling it for profit.

Whether accidental or malicious, insider attacks can result in lost customers and investors, ultimately compromising a company’s market share and its overall revenue.

How to Prepare

As the number of insider attacks continue to increase, they’ve now become more common than you might think. Indeed, 61 percent of organizations reported at least one insider attack over the last 12 months, according to one survey, with 22 percent reporting at least six separate attacks. And while these attacks are increasingly common, unfortunately, less than 20% of organizations have implemented a specific program to prevent insider threats.

So how can your company prepare? Consider the following best practices:

Protecting your business.

As insider threats damage businesses with greater frequency and severity, it’s critical for companies to guard against these types of cyber security risks. With the right strategy and technologies in place, today’s businesses can maximize employee productivity while defending their organization against these increasingly devastating attacks. Learn about SailPoint Identity Security.

Take control of your cloud platform.

Learn more about SailPoint Identity Security.

Get started

See what SailPoint Identity Security can do for your organization

Discover how our solutions enable modern enterprises today to meet the challenge of ensuring secure access to resources without compromising productivity or innovation.